{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,9]],"date-time":"2026-06-09T00:01:07Z","timestamp":1780963267773,"version":"3.54.1"},"reference-count":82,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T00:00:00Z","timestamp":1782864000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Journal of Information Security and Applications"],"published-print":{"date-parts":[[2026,7]]},"DOI":"10.1016\/j.jisa.2026.104487","type":"journal-article","created":{"date-parts":[[2026,4,27]],"date-time":"2026-04-27T09:14:37Z","timestamp":1777281277000},"page":"104487","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["Unveiling malicious PDF behavior: Interpretable classification and profiling malicious PDF using TabNet"],"prefix":"10.1016","volume":"100","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6386-7806","authenticated-orcid":false,"given":"Arousha","family":"Haghighian Roudsari","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1240-6433","authenticated-orcid":false,"given":"Arash","family":"Habibi Lashkari","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Woong-Kee","family":"Loh","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"key":"10.1016\/j.jisa.2026.104487_bib0001","doi-asserted-by":"crossref","DOI":"10.1155\/2022\/7218800","article-title":"EvadeRL: evading PDF malware classifiers with deep reinforcement learning","volume":"2022","author":"Mao","year":"2022","journal-title":"Secur Commun Netw"},{"key":"10.1016\/j.jisa.2026.104487_bib0002","unstructured":"Zhang J.. MLPDF: an effective machine learning based approach for PDF malware detection. 2018. arXiv: 180806991."},{"issue":"4","key":"10.1016\/j.jisa.2026.104487_bib0003","doi-asserted-by":"crossref","first-page":"2803","DOI":"10.1002\/int.22451","article-title":"Boosting training for PDF malware classifier via active learning","volume":"37","author":"Li","year":"2022","journal-title":"Int J Intell Syst"},{"key":"10.1016\/j.jisa.2026.104487_bib0004","series-title":"ICISSP","first-page":"562","article-title":"PDF malware detection based on stacking learning","author":"Issakhani","year":"2022"},{"key":"10.1016\/j.jisa.2026.104487_bib0005","doi-asserted-by":"crossref","first-page":"325","DOI":"10.1016\/j.future.2022.11.015","article-title":"Application of deep reinforcement learning in attacking and protecting structural features-based malicious PDF detector","volume":"141","author":"Jiang","year":"2023","journal-title":"Future Gener Comput Syst"},{"issue":"4","key":"10.1016\/j.jisa.2026.104487_bib0006","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3332184","article-title":"Towards adversarial malware detection: lessons learned from PDF-based attacks","volume":"52","author":"Maiorca","year":"2019","journal-title":"ACM Comput Surv (CSUR)"},{"key":"10.1016\/j.jisa.2026.104487_bib0007","series-title":"Malicious PDF documents detection using machine learning techniques","author":"Torres","year":"2018"},{"key":"10.1016\/j.jisa.2026.104487_bib0008","series-title":"Proceedings of the 15th International Conference on Security and Cryptography (SECRYPT)","first-page":"202","article-title":"Malware detection in PDF files using machine learning","author":"Cuan","year":"2018"},{"key":"10.1016\/j.jisa.2026.104487_bib0009","doi-asserted-by":"crossref","first-page":"314","DOI":"10.1016\/j.future.2020.09.015","article-title":"Improving malicious PDF classifier with feature engineering: a data-driven approach","volume":"115","author":"Falah","year":"2021","journal-title":"Future Gener Comput Syst"},{"issue":"2","key":"10.1016\/j.jisa.2026.104487_bib0010","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3042064","article-title":"Deep learning advances in computer vision with 3D data: a survey","volume":"50","author":"Ioannidou","year":"2017","journal-title":"ACM Comput Surv (CSUR)"},{"issue":"2","key":"10.1016\/j.jisa.2026.104487_bib0011","doi-asserted-by":"crossref","first-page":"604","DOI":"10.1109\/TNNLS.2020.2979670","article-title":"A survey of the usages of deep learning for natural language processing","volume":"32","author":"Otter","year":"2020","journal-title":"IEEE Trans Neural Netw Learn Syst"},{"key":"10.1016\/j.jisa.2026.104487_bib0012","series-title":"Deep learning","volume":"vol. 1","author":"Bengio","year":"2017"},{"key":"10.1016\/j.jisa.2026.104487_bib0013","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2025.104328","article-title":"HAE-HRL: a network intrusion detection system utilizing a novel autoencoder and a hybrid enhanced LSTM-CNN-based residual network","author":"Xue","year":"2025","journal-title":"Comput Secur"},{"key":"10.1016\/j.jisa.2026.104487_bib0014","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.103928","article-title":"A sequential deep learning framework for a robust and resilient network intrusion detection system","author":"Hore","year":"2024","journal-title":"Comput Secur"},{"key":"10.1016\/j.jisa.2026.104487_bib0015","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102748","article-title":"A new DDoS attacks intrusion detection model based on deep learning for cybersecurity","volume":"118","author":"Akgun","year":"2022","journal-title":"Comput Secur"},{"key":"10.1016\/j.jisa.2026.104487_bib0016","doi-asserted-by":"crossref","first-page":"706","DOI":"10.1016\/j.ins.2021.05.016","article-title":"Autoencoder-based deep metric learning for network intrusion detection","volume":"569","author":"Andresini","year":"2021","journal-title":"Inf Sci"},{"key":"10.1016\/j.jisa.2026.104487_bib0017","doi-asserted-by":"crossref","DOI":"10.1016\/j.asoc.2022.108768","article-title":"A two-stage intrusion detection system with auto-encoder and LSTMs","volume":"121","author":"Mushtaq","year":"2022","journal-title":"Appl Soft Comput"},{"key":"10.1016\/j.jisa.2026.104487_bib0018","doi-asserted-by":"crossref","first-page":"386","DOI":"10.1016\/j.ins.2019.10.069","article-title":"A hybrid deep learning model for efficient intrusion detection in big data environment","volume":"513","author":"Hassan","year":"2020","journal-title":"Inf Sci"},{"key":"10.1016\/j.jisa.2026.104487_bib0019","doi-asserted-by":"crossref","DOI":"10.1016\/j.knosys.2021.107852","article-title":"A multi-task based deep learning approach for intrusion detection","volume":"238","author":"Liu","year":"2022","journal-title":"Knowl Based Syst"},{"key":"10.1016\/j.jisa.2026.104487_bib0020","series-title":"2020 The 10th international conference on communication and network security","first-page":"1","article-title":"DiDarknet: a contemporary approach to detect and characterize the darknet traffic using deep image learning","author":"Habibi Lashkari","year":"2020"},{"key":"10.1016\/j.jisa.2026.104487_bib0021","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102663","article-title":"DarknetSec: a novel self-attentive deep learning method for darknet traffic classification and application identification","volume":"116","author":"Lan","year":"2022","journal-title":"Comput Secur"},{"key":"10.1016\/j.jisa.2026.104487_bib0022","doi-asserted-by":"crossref","first-page":"113705","DOI":"10.1109\/ACCESS.2021.3105000","article-title":"DarkDetect: darknet traffic detection and categorization using modified convolution-long short-term memory","volume":"9","author":"Sarwar","year":"2021","journal-title":"IEEE Access"},{"key":"10.1016\/j.jisa.2026.104487_bib0023","unstructured":"Fettaya R., Mansour Y.. Detecting malicious PDF using CNN. 2020.arXiv: 200712729."},{"issue":"17","key":"10.1016\/j.jisa.2026.104487_bib0024","doi-asserted-by":"crossref","first-page":"5888","DOI":"10.3390\/s21175888","article-title":"Towards interpretable deep learning: a feature selection framework for prognostics and health management using deep neural networks","volume":"21","author":"Figueroa Barraza","year":"2021","journal-title":"Sensors"},{"key":"10.1016\/j.jisa.2026.104487_bib0025","doi-asserted-by":"crossref","first-page":"93104","DOI":"10.1109\/ACCESS.2022.3204051","article-title":"Explainable artificial intelligence applications in cyber security: state-of-the-art in research","volume":"10","author":"Zhang","year":"2022","journal-title":"IEEE Access"},{"issue":"11","key":"10.1016\/j.jisa.2026.104487_bib0026","doi-asserted-by":"crossref","first-page":"789","DOI":"10.1007\/s12243-022-00926-7","article-title":"Explainable artificial intelligence for cybersecurity: a literature survey","volume":"77","author":"Charmet","year":"2022","journal-title":"Ann Telecommun"},{"key":"10.1016\/j.jisa.2026.104487_bib0027","article-title":"Deep neural networks and tabular data: a survey","author":"Borisov","year":"2022","journal-title":"IEEE Trans Neural Netw Learn Syst"},{"issue":"8","key":"10.1016\/j.jisa.2026.104487_bib0028","doi-asserted-by":"crossref","first-page":"1179","DOI":"10.1093\/europace\/euaa377","article-title":"Deep learning and the electrocardiogram: review of the current state-of-the-art","volume":"23","author":"Somani","year":"2021","journal-title":"EP Europace"},{"key":"10.1016\/j.jisa.2026.104487_bib0029","unstructured":"Cartella F., Anunciacao O., Funabiki Y., Yamaguchi D., Akishita T., Elshocht O.. Adversarial attacks for tabular data: application to fraud detection and imbalanced data. 2021. arXiv preprintarXiv: 2101.08030."},{"issue":"2","key":"10.1016\/j.jisa.2026.104487_bib0030","doi-asserted-by":"crossref","first-page":"1153","DOI":"10.1109\/COMST.2015.2494502","article-title":"A survey of data mining and machine learning methods for cyber security intrusion detection","volume":"18","author":"Buczak","year":"2015","journal-title":"IEEE Commun Surv Tutorials"},{"key":"10.1016\/j.jisa.2026.104487_bib0031","unstructured":"Somepalli G., Goldblum M., Schwarzschild A., Bruss C.B., Goldstein T.. Saint: improved neural networks for tabular data via row attention and contrastive pre-training. 2021. arXiv: 210601342."},{"key":"10.1016\/j.jisa.2026.104487_bib0032","unstructured":"Lundberg S.. A unified approach to interpreting model predictions. 2017. arXiv: 170507874."},{"key":"10.1016\/j.jisa.2026.104487_bib0033","series-title":"Proceedings of the 22nd ACM SIGKDD international conference on knowledge discovery and data mining","first-page":"1135","article-title":"\u201cWhy should i trust you?\u201d Explaining the predictions of any classifier","author":"Ribeiro","year":"2016"},{"key":"10.1016\/j.jisa.2026.104487_bib0034","first-page":"118305","article-title":"Explainable AI for intrusion detection systems: LIME and SHAP applicability on multi-layer perceptron","author":"Gaspar","year":"2024","journal-title":"IEEE Access"},{"key":"10.1016\/j.jisa.2026.104487_bib0035","first-page":"1","article-title":"Explainable AI model for PDFMal detection based on gradient boosting model","volume":"6","author":"Elattar","year":"2024","journal-title":"Neural Comput Appl"},{"key":"10.1016\/j.jisa.2026.104487_bib0036","first-page":"118305","article-title":"Problems with SHAP and LIME in interpretable AI for education: a comparative study of post-hoc explanations and neural-symbolic rule extraction","volume":"6","author":"Hooshyar","year":"2024","journal-title":"IEEE Access"},{"key":"10.1016\/j.jisa.2026.104487_bib0037","article-title":"A perspective on explainable artificial intelligence methods: shap and lime","volume":"6","author":"Salih","year":"2024","journal-title":"Adv Intell Syst"},{"key":"10.1016\/j.jisa.2026.104487_bib0038","series-title":"Proceedings of the AAAI conference on artificial intelligence","first-page":"6679","article-title":"TabNet: attentive interpretable tabular learning","volume":"vol. 35","author":"Arik","year":"2021"},{"issue":"1","key":"10.1016\/j.jisa.2026.104487_bib0039","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1016\/j.istr.2009.04.001","article-title":"A look at portable document format vulnerabilities","volume":"14","author":"Rautiainen","year":"2009","journal-title":"Inf Secur Techn Rep"},{"key":"10.1016\/j.jisa.2026.104487_bib0040","series-title":"Symantec white paper","article-title":"Portable document format malware","author":"Itabashi","year":"2011"},{"key":"10.1016\/j.jisa.2026.104487_bib0041","series-title":"NDSS","article-title":"Extract me if you can: abusing PDF parsers in malware detectors","author":"Carmony","year":"2016"},{"key":"10.1016\/j.jisa.2026.104487_bib0042","series-title":"Presentations of Europe BlackHat 2008 conference","article-title":"Portable document format (PDF) security analysis and malware threats","author":"Blonce","year":"2008"},{"key":"10.1016\/j.jisa.2026.104487_bib0043","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1016\/j.ins.2020.02.075","article-title":"A feature-vector generative adversarial network for evading PDF malware classifiers","volume":"523","author":"Li","year":"2020","journal-title":"Inf Sci"},{"key":"10.1016\/j.jisa.2026.104487_bib0044","series-title":"2014 44th annual IEEE\/IFIP international conference on dependable systems and networks","first-page":"100","article-title":"Detecting malicious javascript in PDF through document instrumentation","author":"Liu","year":"2014"},{"key":"10.1016\/j.jisa.2026.104487_bib0045","series-title":"Proceedings of the 2014 workshop on artificial intelligent and security workshop","first-page":"47","article-title":"Lux0R: detection of malicious PDF-embedded javascript code through discriminant analysis of API references","author":"Corona","year":"2014"},{"key":"10.1016\/j.jisa.2026.104487_bib0046","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1155\/2019\/8485365","article-title":"Malware detection on byte streams of PDF files using convolutional neural networks","volume":"2019","author":"Jeong","year":"2019","journal-title":"Secur Commun Netw"},{"key":"10.1016\/j.jisa.2026.104487_bib0047","series-title":"Proceedings of the fourth European workshop on system security","first-page":"1","article-title":"Combining static and dynamic analysis for the detection of malicious documents","author":"Tzermias","year":"2011"},{"key":"10.1016\/j.jisa.2026.104487_bib0048","series-title":"Deep PDF parsing to extract features for detecting embedded malware","author":"Cross","year":"2011"},{"issue":"1","key":"10.1016\/j.jisa.2026.104487_bib0049","doi-asserted-by":"crossref","first-page":"80","DOI":"10.1109\/MSP.2011.14","article-title":"Malicious PDF documents explained","volume":"9","author":"Stevens","year":"2011","journal-title":"IEEE Secur Privacy"},{"key":"10.1016\/j.jisa.2026.104487_bib0050","first-page":"10949","article-title":"MMPD: a novel malicious PDF file detector for mobile robots","volume":"20","author":"Cui","year":"2020","journal-title":"IEEE Sens J"},{"issue":"DSTO-TR-2730","key":"10.1016\/j.jisa.2026.104487_bib0051","article-title":"Threat modelling adobe PDF: dsto-tr-2730","author":"Brandis","year":"2012","journal-title":"DSTO Formal Rep."},{"key":"10.1016\/j.jisa.2026.104487_bib0052","doi-asserted-by":"crossref","first-page":"246","DOI":"10.1016\/j.cose.2014.10.014","article-title":"Detection of malicious PDF files and directions for enhancements: a state-of-the art survey","volume":"48","author":"Nissim","year":"2015","journal-title":"Comput. Secur"},{"key":"10.1016\/j.jisa.2026.104487_bib0053","article-title":"Visualization-based comprehensive feature representation with improved efficientnet for malicious file and variant recognition","volume":"86","author":"Yao","year":"2024","journal-title":"J Inf Secur Appl"},{"key":"10.1016\/j.jisa.2026.104487_bib0054","series-title":"International conference on detection of intrusions and malware, and vulnerability assessment","first-page":"88","article-title":"Embedded malware detection using Markov n-grams","author":"Shafiq","year":"2008"},{"issue":"19","key":"10.1016\/j.jisa.2026.104487_bib0055","doi-asserted-by":"crossref","first-page":"3142","DOI":"10.3390\/electronics11193142","article-title":"PDF malware detection based on optimizable decision trees","volume":"11","author":"Abu Al-Haija","year":"2022","journal-title":"Electronics"},{"issue":"22","key":"10.1016\/j.jisa.2026.104487_bib0056","doi-asserted-by":"crossref","first-page":"4764","DOI":"10.3390\/app9224764","article-title":"Malicious PDF detection model against adversarial attack built from benign PDF containing javascript","volume":"9","author":"Kang","year":"2019","journal-title":"Appl Sci"},{"key":"10.1016\/j.jisa.2026.104487_bib0057","series-title":"20th USENIX security symposium (USENIX security 11)","article-title":"{SHELLOS}: Enabling fast detection and forensic analysis of code injection attacks","author":"Snow","year":"2011"},{"key":"10.1016\/j.jisa.2026.104487_bib0058","series-title":"Proceedings of the 19th international conference on world wide web","first-page":"281","article-title":"Detection and analysis of drive-by-download attacks and malicious javascript code","author":"Cova","year":"2010"},{"key":"10.1016\/j.jisa.2026.104487_bib0059","series-title":"2015 International carnahan conference on security technology (ICCST)","first-page":"299","article-title":"Efficient spear-phishing threat detection using hypervisor monitor","author":"Lin","year":"2015"},{"issue":"6","key":"10.1016\/j.jisa.2026.104487_bib0060","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3365001","article-title":"Malware dynamic analysis evasion techniques: a survey","volume":"52","author":"Afianian","year":"2019","journal-title":"ACM Comput Surv (CSUR)"},{"key":"10.1016\/j.jisa.2026.104487_bib0061","series-title":"International conference on machine learning","first-page":"448","article-title":"Batch normalization: accelerating deep network training by reducing internal covariate shift","author":"Ioffe","year":"2015"},{"key":"10.1016\/j.jisa.2026.104487_bib0062","first-page":"2483","article-title":"How does batch normalization help optimization?","volume":"31","author":"Santurkar","year":"2018","journal-title":"Adv Neural Inf Process Syst"},{"key":"10.1016\/j.jisa.2026.104487_bib0063","series-title":"International conference on machine learning","first-page":"933","article-title":"Language modeling with gated convolutional networks","author":"Dauphin","year":"2017"},{"key":"10.1016\/j.jisa.2026.104487_bib0064","first-page":"1731","article-title":"Train longer, generalize better: closing the generalization gap in large batch training of neural networks","volume":"30","author":"Hoffer","year":"2017","journal-title":"Adv Neural Inf Process Syst"},{"key":"10.1016\/j.jisa.2026.104487_bib0065","series-title":"International conference on machine learning","first-page":"1243","article-title":"Convolutional sequence to sequence learning","author":"Gehring","year":"2017"},{"key":"10.1016\/j.jisa.2026.104487_bib0066","series-title":"International conference on machine learning","first-page":"1614","article-title":"From softmax to sparsemax: a sparse model of attention and multi-label classification","author":"Martins","year":"2016"},{"key":"10.1016\/j.jisa.2026.104487_bib0067","doi-asserted-by":"crossref","unstructured":"Peters B., Niculae V., Martins A.F.T.. Sparse sequence-to-sequence models. 2019.arXiv: 190505702.","DOI":"10.18653\/v1\/P19-1146"},{"key":"10.1016\/j.jisa.2026.104487_bib0068","doi-asserted-by":"crossref","unstructured":"Correia G.M., Niculae V., Martins A.F.T.. Adaptively sparse transformers. 2019. arXiv: 190900015.","DOI":"10.18653\/v1\/D19-1223"},{"key":"10.1016\/j.jisa.2026.104487_bib0069","first-page":"529","article-title":"Semi-supervised learning by entropy minimization","volume":"17","author":"Grandvalet","year":"2004","journal-title":"Adv Neural Inf Process Syst"},{"key":"10.1016\/j.jisa.2026.104487_bib0070","doi-asserted-by":"crossref","DOI":"10.1016\/j.patcog.2020.107245","article-title":"Hyper-parameter optimization in classification: to-do or not-to-do","volume":"103","author":"Tran","year":"2020","journal-title":"Pattern Recognit"},{"issue":"2","key":"10.1016\/j.jisa.2026.104487_bib0071","article-title":"Hyperparameter optimization: foundations, algorithms, best practices, and open challenges","volume":"13","author":"Bischl","year":"2023","journal-title":"Wiley Interdiscip Rev Data Min Knowl Discovery"},{"issue":"2","key":"10.1016\/j.jisa.2026.104487_bib0072","article-title":"Random search for hyper-parameter optimization","volume":"13","author":"Bergstra","year":"2012","journal-title":"J Mach Learn Res"},{"issue":"1","key":"10.1016\/j.jisa.2026.104487_bib0073","doi-asserted-by":"crossref","first-page":"148","DOI":"10.1109\/JPROC.2015.2494218","article-title":"Taking the human out of the loop: a review of bayesian optimization","volume":"104","author":"Shahriari","year":"2015","journal-title":"Proc IEEE"},{"key":"10.1016\/j.jisa.2026.104487_bib0074","series-title":"Proceedings of the 25th ACM SIGKDD international conference on knowledge discovery & data mining","first-page":"2623","article-title":"Optuna: a next-generation hyperparameter optimization framework","author":"Akiba","year":"2019"},{"key":"10.1016\/j.jisa.2026.104487_bib0075","doi-asserted-by":"crossref","DOI":"10.1016\/j.bspc.2021.103456","article-title":"hyOPTXg: OPTUNA hyper-parameter optimization framework for predicting cardiovascular disease using XGBoost","volume":"73","author":"Srinivas","year":"2022","journal-title":"Biomed Signal Process Control"},{"key":"10.1016\/j.jisa.2026.104487_bib0076","first-page":"2546","article-title":"Algorithms for hyper-parameter optimization","volume":"24","author":"Bergstra","year":"2011","journal-title":"Adv Neural Inf Process Syst"},{"issue":"2","key":"10.1016\/j.jisa.2026.104487_bib0077","doi-asserted-by":"crossref","first-page":"159","DOI":"10.1162\/106365601750190398","article-title":"Completely derandomized self-adaptation in evolution strategies","volume":"9","author":"Hansen","year":"2001","journal-title":"Evol Comput"},{"key":"10.1016\/j.jisa.2026.104487_bib0078","doi-asserted-by":"crossref","first-page":"575","DOI":"10.1007\/s10107-018-1312-2","article-title":"Maximization of auc and buffered auc in binary classification","volume":"174","author":"Norton","year":"2019","journal-title":"Math Program"},{"key":"10.1016\/j.jisa.2026.104487_bib0079","article-title":"A novel adversarial example detection method for malicious PDFs using multiple mutated classifiers","volume":"38","author":"Liu","year":"2021","journal-title":"Forensic Sci Int Digit Invest"},{"key":"10.1016\/j.jisa.2026.104487_bib0080","first-page":"2825","article-title":"Scikit-learn: machine learning in python","volume":"12","author":"Pedregosa","year":"2011","journal-title":"J Mach Learn Res"},{"key":"10.1016\/j.jisa.2026.104487_bib0081","doi-asserted-by":"crossref","first-page":"4187","DOI":"10.53730\/ijhs.v6nS5.9540","article-title":"Invasive weed optimization with stacked long short term memory for PDF malware detection and classification","volume":"6","author":"Chandran","year":"2022","journal-title":"Int J Health Sci"},{"key":"10.1016\/j.jisa.2026.104487_bib0082","series-title":"Increased evasion resilience in modern PDF malware detectors: Using a more evasive training dataset","author":"Ekholm","year":"2022"}],"container-title":["Journal of Information Security and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S2214212626001171?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S2214212626001171?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,6,8]],"date-time":"2026-06-08T23:29:57Z","timestamp":1780961397000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S2214212626001171"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,7]]},"references-count":82,"alternative-id":["S2214212626001171"],"URL":"https:\/\/doi.org\/10.1016\/j.jisa.2026.104487","relation":{},"ISSN":["2214-2126"],"issn-type":[{"value":"2214-2126","type":"print"}],"subject":[],"published":{"date-parts":[[2026,7]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Unveiling malicious PDF behavior: Interpretable classification and profiling malicious PDF using TabNet","name":"articletitle","label":"Article Title"},{"value":"Journal of Information Security and Applications","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.jisa.2026.104487","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 Elsevier Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"104487"}}